High Privilege Vulnerability in Oracle Hospitality Reporting and Analytics
CVE-2020-14594

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Hospitality Reporting And Analytics
Vendor: CVE Published:; 15 July 2020

Summary

A significant vulnerability exists in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications, specifically concerning Inventory Integration. This flaw can be exploited by an attacker with high privileges who has the ability to log on to the infrastructure where the application operates. It allows them to potentially compromise the entire reporting and analytics system. Successfully executing an attack requires the interaction of a separate individual, thus highlighting the importance of user awareness and security protocols. If exploited, the attacker may gain control over the Oracle Hospitality Reporting and Analytics system, posing severe risks to data confidentiality, integrity, and availability.

Affected Version(s)

Hospitality Reporting and Analytics 9.1.0

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020